<?php
$user = $_COOKIE["loggedIn"];
$pass = $_POST['passwordP'];
$name = $_POST['nameP'];
$day = $_POST['dayP'];
$month = $_POST['monthP'];
$year = $_POST['yearP'];
$email = $_POST['emailP'];
$country = $_POST['countryP'];
$webp = $_POST['webpP'];
$pic = $_POST['picP'];


$hostDB = "localhost";
$userDB = "ampersand";
$passDB = "palomitas";
$dbnameDB = "LYONUNO";

$canalDB = mysql_connect($hostDB, $userDB, $passDB);
$db = mysql_select_db($dbnameDB);

if ($name != ''){
	$sentencia = "update USERS set name =\"$name\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}if ($day != '' && $month != '' && $year != ''){
	$sentencia = "update USERS set birthday =\"$year-$month-$day\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}if ($email != ''){
	$sentencia = "update USERS set email =\"$email\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}if ($webp != ''){
	$sentencia = "update USERS set webpage =\"$webp\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}if ($country != ''){
	$sentencia = "update USERS set country_code =\"$country\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}if ($pic != ''){
	$sentencia = "update USERS set pict_URL =\"$pic\" where nick = \"$user\"";
	mysql_db_query($dbnameDB, $sentencia,$canalDB);
}

$failure = 0;

if( $pass != ''){
	$sentencia = "select pass from USERS where nick=\"$user\"";
	$result = mysql_db_query($dbnameDB, $sentencia,$canalDB);
	$row = mysql_fetch_object($result);
	$olP = $row->pass;
	if( $olP != $_POST['oldPasswordP'] )
		$failure = 1;
	else{
		$sentencia = "update USERS set pass =\"$pass\" where nick = \"$user\"";
		mysql_db_query($dbnameDB, $sentencia,$canalDB);
	}
}

mysql_db_query($dbnameDB, "commit",$canalDB);

mysql_close($canalDB);

if ($failure == 1)
	header('Location: /main.php?page=incorrectPass.html');
else
	header('Location: /main.php');
?>

